We currently support security updates for the following versions:

| Version | Supported |
|---|---|
| 0.3.x | ✅ |
| < 0.3 | ❌ |

We take security seriously. If you discover a security vulnerability, please report it responsibly.
- Do NOT create a public GitHub issue for security vulnerabilities
- Email security concerns to: [email protected]
- Include detailed information about the vulnerability
- Provide steps to reproduce the issue if possible

Please include the following in your report:

- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Suggested fixes (if any)
- Your contact information

Response timeline:

- Acknowledgment: Within 48 hours
- Initial Assessment: Within 1 week
- Status Updates: Weekly until resolved
- Resolution: Depends on severity and complexity
When using Nebula in production:
- Keep Updated: Use the latest stable version
- Secure Configuration: Follow configuration guidelines
- Network Security: Implement proper firewall rules
- Access Control: Use appropriate authentication
- Monitoring: Monitor for unusual activity
- Data Protection: Encrypt sensitive data in transit and at rest
This security policy covers:
- Core Nebula application
- Official connectors
- Configuration and deployment guides
- Dependencies with known vulnerabilities

The following are out of scope:

- Third-party connectors
- Custom configurations
- Infrastructure security
- Social engineering attacks
Thank you for helping keep Nebula secure!